
WHITE PAPER
Strategic Marketing Services

Identity & Access Management in the Cloud: Fewer passwords, more productivity

Cloud services are a natural for small and midsize businesses, with their ability to reduce costs, lower IT head count and improve business agility. But as they move more and more applications to the cloud, SMBs are coming face to face with some serious challenges the cloud presents with respect to identity management.

Providing employees with secure, anytime, anywhere access to applications that may be hosted on company premises or in the cloud can be a difficult proposition. Premises-based identity management solutions may not extend to external service providers. But it's too cumbersome, time-consuming and error-prone to manually configure access to every application a user may need. In the end, SMBs may find it difficult to achieve the strict levels of control they need, especially if they have to meet regulatory compliance requirements.

What SMBs need is an identity and access management (IAM) solution that spans both their internal IT infrastructure and external, cloud-based services, giving them one tool with which to manage both environments. Such a tool would deliver enhanced productivity for employees, who will be able to access the applications they need no matter where they are or what devices they're using. At the same time, the tool should provide the kind of security that IT and the business require. In short, it should empower users while protecting the business.

RISE OF THE CLOUD

SMBs will need such a solution soon (if they haven't deployed one already), because interest in the cloud is going nowhere but up. More than two-thirds (69 percent) of the respondents to the 2014 IDG Enterprise Cloud Computing Survey said they have at least one application in the cloud, up from just over half two years ago. Another 18 percent plan to use cloud applications or infrastructure within 12 months, and 13 percent plan to within one to three years. Add those numbers up, and you'll find that fully 100 percent of the survey respondents have plans to utilize the cloud. What's more, the survey found that the responses were similar across companies of all sizes, meaning that SMBs are using cloud services just as much as larger enterprises are.

TOP CLOUD CHALLENGES

When asked about their top challenges with respect to implementing cloud solutions, respondents to the IDG survey made it clear that security was front and center, and many of the responses speak to the need for effective IAM. When the respondents were asked more specifically about the top challenges of security in the cloud, three of the top responses had to do with IAM:

- Uncertain ability to enforce security policy: 56 percent
- Questionable privileged access control at provider site: 42 percent
- Uncertainty that the provider meets regulatory requirements: 41 percent

In practice, these challenges present myriad difficulties for IT and employees alike.

Difficulty ensuring proper authorizations

For IT it becomes difficult to be sure all employees have the appropriate level of access to data and applications, meaning no more or less than they should. Most companies have well-established IAM tools, policies and procedures in place to ensure that employees can access only those resources for which they have the appropriate authorization. But those tools often don't extend to data and applications that reside in the cloud, which raises security and potentially regulatory issues.

Security, including access authorization, data integrity and data protection, was the top cloud concern for IT executives, cited by 56 percent of those at SMBs specifically. What's more, those IT execs said line-of-business executives share their concerns, with 52 percent saying security is their top concern with respect to the cloud. Asked what issues needed to be addressed before they could fully embrace the cloud, the IDG survey respondents again put security at the top of the list. More than half (56 percent) said providers need to ensure security so they can meet compliance requirements.

Arduous onboarding process

Similarly, without IAM tools that extend to the cloud, the process of onboarding new employees and removing access for employees as they leave the organization is largely a manual one. That makes it far more cumbersome, time-consuming and error-prone than using an IAM tool.

Password reset woes

Password resets are another issue. Most companies long ago automated the process of letting employees reset their own passwords, removing a significant burden from IT help desks. Without an IAM solution that extends to the cloud, IT may well be back in the password reset business, losing valuable time in the process.

Insufficient reporting

What's more, without visibility into cloud-based offerings, IT can't produce the kind of comprehensive reports it routinely produces on in-house applications, networks and other resources. Such reporting is essential to identify issues such as imminent security threats to the organization, as well as performance and usage trends. In some cases, the lack of such reporting may make it difficult for the organization to deal with audits and meet regulatory requirements.

Lost productivity

Perhaps worst of all, these IAM issues may prevent employees from being able to get consistent, reliable access to all the applications and data they need to do their jobs. That can lead to employee frustration and loss of productivity.

AZURE ACTIVE DIRECTORY: A COMPREHENSIVE IAM SOLUTION

The antidote for all these ailments is an IAM solution that can span both the customer's on-premises and cloud-based resources: Microsoft Azure Active Directory (Azure AD) Premium. SMBs are likely already familiar with Active Directory (AD) and how it provides directory services and single sign-on for their internal resources. Azure AD Premium does the same for cloud-based applications and resources and even more, by combining directory services, identity governance and application access management tools.

Azure AD Premium provides directory services for all Microsoft cloud-based solutions, including Office 365, the Intune mobile device management solution and Azure cloud services. It is also designed to work with on-premises Active Directory and other directories, enabling SMBs to leverage their existing on-premises infrastructure for managing cloud resources.

Single sign-on for thousands of apps

Azure AD Premium provides numerous benefits to SMBs, beginning with single sign-on to thousands of applications, including on-premises business applications as well as cloud-based and even consumer apps. Just as AD has long been offering single sign-on for on-premises apps, it can now extend it to the cloud.

Support for self-service capabilities

SMBs will also benefit from several self-service capabilities, including password reset. This capability can significantly reduce IT support costs while increasing end user productivity. When users forget or want to change a password for a cloud or on-premises application, they can reset it on their own, with no help from IT.

All the user groups an organization has already created in its on-premises AD environment can be extended to cloud offerings, making it easy for IT to authorize groups of users for various cloud applications. IT can also delegate group ownership to one or more authorized group members, enabling them to handle join and leave requests as well as requests to join other groups, again freeing IT resources.

Similarly, IT can delegate certain users to act as administrators for users within their group or business unit. These administrators can then manage the users, applications and permissions associated with their unit, handling requests for applications and the like. This enables even larger SMBs to easily manage the organization in a distributed fashion, ensuring that those with direct responsibility for various employees are the ones managing their rights and permissions.

Multifactor authentication

To provide an extra level of identity assurance, Azure AD Premium supports multifactor authentication. In addition to a username and password, organizations can also require use of an extra means of authentication when users log in. Azure AD Premium supports various options, including push notifications and one-time passwords, phone calls and text messages, each including a code that users must enter to be approved for log-in.

Multifactor authentication reduces the risk of unauthorized user access, such as through phishing attacks, and may be required for regulatory compliance. It works for both on-premises and cloud applications and across both in a hybrid configuration. Users can also download the Azure Multi-Factor Authentication Server to provide added security when authenticating remote users, for web applications and for users connecting remotely.

Conditional access controls

In addition to multifactor authentication, Azure AD Premium supports conditional access controls. These controls enable an SMB to implement access policies that vary according to factors including the device in use, its level of trust, the location of the device, the time of day and what data or application the user is accessing. Controls can also apply to users, including their group membership, and to the strength of authentication required. With such controls, SMBs can differentiate between salespeople accessing the corporate network at headquarters, using their company-owned laptop, and HR execs trying to get at sensitive personnel data via the Wi-Fi network in a coffee shop.

Advanced security reports and alerts

Another important part of a good security plan is to be continuously vigilant and aware of any suspicious activity. Reporting and alerting are important components of that process. Azure AD Premium provides advanced security reports and alerts, enabling SMBs to create reports about issues such as suspicious log-in attempts, anomalous usage patterns, leaked credentials and sign-ins from potentially infected devices. Users can also create audit reports showing the activity of their most privileged users and administrators to ensure that they are not abusing their authority.

AZURE ACTIVE DIRECTORY IN PRACTICE

Azure AD Premium enables SMBs to institute several common business scenarios that make employees more productive without compromising security. These scenarios can span both on-premises and cloud applications and data.

Enable a mobile workforce

Organizations of all sizes are becoming more mobile as workers want, even expect, to be able to use the device of their choosing to access corporate resources from wherever they may be. The challenge for IT is to enable this mobile workforce in a way that's user-friendly for employees while being secure, compliant and auditable. With support for on-premises as well as cloud resources and for multifactor authentication and conditional access control, Azure AD Premium enables SMBs to control the use of data, applications and services. In short, it ensures that only trusted people and devices can access corporate resources.

Provide access to partners and vendors

SMBs often need to allow their partners, suppliers and perhaps even customers to access resources on the company network while using their own credentials. In the past, this often meant setting up federated relationships that enabled two organizations' IAM solutions to trust each other. Although such federated configurations are effective, they can be complex to set up and maintain. With features due to be available in the fall of 2015, Azure AD Premium will provide an easier way, through a cloud-based solution that enables IT to quickly grant access to third-party users without requiring a full-fledged federated setup.

Ensure governance, risk management and compliance

Cloud-based applications are no different from on-premises apps in terms of the need to ensure that only authorized users can access them. But when individual departments subscribe to cloud-based applications without informing IT, they can inadvertently expose the organization to unintended risk and compliance issues by removing the usual access controls.

Azure AD Premium ensures that cloud applications are subject to the same access controls as existing on-premises applications, because they are linked to the same centralized directory and use the same policies. As employees leave or join the organization, their accounts are automatically created or updated in Azure AD Premium, enabling IT to ensure that only authorized, current users have access to applications. Reporting capabilities that alert administrators to anomalous log-in attempts likewise help keep the organization secure.

SEIZE THE CLOUD OPPORTUNITY WITH AZURE ACTIVE DIRECTORY

There's no question that cloud offerings present SMBs with ample opportunity to lower their costs while increasing efficiency and agility. But these organizations will reap these benefits only if they can overcome some of the challenges cloud technology presents. Chief among the challenges is maintaining proper security for cloud-based applications and data. An important consideration is having an effective IAM strategy that spans both on-premises and cloud-based resources.

Azure Active Directory Premium offers a solution enabling SMBs to easily extend the AD platform with which they are already familiar to also handle cloud solutions. Not using AD? Azure AD Premium also works with myriad other directory offerings. With Azure AD Premium, SMBs can reduce their risk while improving the productivity of their IT group and ensuring compliance with internal and external policies and regulations.

To learn more about what Azure AD Premium can do for you, visit
